在Kubernetes中使用traefik作为负载均衡器的问题 [英] Problem using traefik as load balancer in Kubernetes
问题描述
这种情况是我有两个相互连接的k8s服务.两者都是烧瓶服务器.它们之间的连接如下,如果有人在第一个服务器上发布了POST,它将获得文本输入,然后将其发布到第二个服务器上,该服务器将更多文本添加到用户发布的原始文本中,最后,两个文本一起返回到第一台服务器,然后它将最终文本返回给用户.
The situation is that I have two k8s services which are connected between them. Both are flask servers. The connection between them is as follows, if someone makes a POST to the first one, this get the text input and POST it to the second server which adds some more text to the original text that was posted by the user and, finally, the two texts together are returned to the first server and it returns the final text to the user.
要允许我的k8s服务之间相互连接(称为主服务器和从服务器,它们匹配标签app-master和app-slave),我具有以下networkPolicy:
To allow this connection between my k8s services (called master and slave, which matchlabels app-master and app-slave) I have the following networkPolicy:
kind: NetworkPolicy
apiVersion: extensions/v1beta1
metadata:
name: master-to-slave
namespace: innovation
spec:
podSelector:
matchLabels:
app: app-slave
ingress:
- ports:
- port: 5000
protocol: TCP
- port: 5001
protocol: TCP
- from:
- namespaceSelector:
matchLabels:
app: app-master
要从租户外部进行卷发,我必须使用traefik,因为我正在一个已经将traefik作为NodePort的租户中工作,因此我不能将主服务公开为nodePort或将其转换为LoadBalancer类型.我对此应用程序的入口是下一个
To make a curl from outside the tenant I have to use traefik because I am working in a tenant which already has traefik as NodePort, so I can NOT expose my master service as nodePort or convert it to kind LoadBalancer. The ingress I have for this application is the next
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ingress-innovation
namespace: innovation
annotations:
traefik.frontend.rule.type: PathPrefixStrip
spec:
rules:
- http:
paths:
- path: /master
backend:
serviceName: master
servicePort: 5000
- path: /slave
backend:
serviceName: slave
servicePort: 5001
我还有一个DNS,该DNS允许我向地址( https://name_in_the_DNS )发出请求,向我的租户的IP请求.问题是当我尝试执行以下请求时:
I have also a DNS which allows me to make request to an address (https://name_in_the_DNS) instead of doing the requests to the IP of my tenant. The problem is that when I try to do the following request:
curl https://name_in_the_DNS/master -X POST -d texto
给我一个错误(网关超时).如果我使用"kubectl port-forward",则该应用程序将按预期工作.关于如何解决此问题的任何想法?我想这与networkPolicy有关,因为我在租户中还有其他应用程序,并且curl请求对它们有效.
Gives me an error (Gateway Timeout). While if I use "kubectl port-forward" the app works as expected. Any idea of how to solve this issue? I suppose it has something to do with the networkPolicy because I have other applications inside the tenant and the curl requests works for them.
提前谢谢!
For looking at the services and deployments yamls: Could two cluster IP services be connected in Kubernetes?
推荐答案
问题已解决.事实是,我们在其他名称空间中有traefik,因此缺少允许任何名称空间之间进行通信的另一个网络策略.解决该问题的Yaml如下.
The problem is already solved. The thing is that we have traefik in other namespace so another networkpolicy which allows communication between any namespace was missing. The yaml which fixed the issue is as follows.
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: all-to-all
namespace: innovation
spec:
podSelector: {} #all pods in the namespace (innovation)
ingress:
- from:
- namespaceSelector: {} #from all namespaces, including the one in which traefik ingress is located
policyTypes:
- Ingress
这篇关于在Kubernetes中使用traefik作为负载均衡器的问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
